Zip File Extraction Vulnerability in SAP Disclosure Management 10.x

Zip File Extraction Vulnerability in SAP Disclosure Management 10.x

CVE-2018-2487 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.

Learn more about our User Device Pen Test.